IELTS Reading Daily Practice: Does Your App Pose a Security Risk?
Source: 中华考试网, 2016-11-10
The worry for IT departments is that these third-party apps may not have particularly robust security protocols in place because many were developed primarily with consumers in mind.
And the data itself may be stored in foreign countries governed by less stringent data protection laws.
"App security is the skeleton in the closet," says Cesare Garlati, chief security strategist at Prpl Foundation, a non-profit body promoting open source software standards.
"Software is assembled these days, not written - developers use libraries, so you don't know what bits of defective code may be lurking in an app compromising its security," he says.
"Bring Your Own Device [using your own smartphone, tablet or laptop for work purposes] was always a big threat to the security model - corporations lose control."
While companies take great pains to protect personally identifiable information, such as social security and credit card numbers, it's often the seemingly innocuous information that can give fraudsters the ammunition to make a phishing email more believable, say, or an invoice payment request more plausible.
Other threats
Many apps are also laden with malware - another threat to corporate security.
"Most [malware-laden] mobile apps are being monetised by selling users' information and phishing for banking credentials," says Mr Kalember.
"Many organisations have lost money via these phishing apps - which often pretend to be something else, such as a Flash player or even a Bible app - when they've allowed people in their finance departments to access corporate bank accounts via mobile devices."
And Syncplicity's Mr Huberman points out that if a company doesn't know what apps their staff are using or what data is being shared, it poses a problem when those staff leave for other companies.
"All that data goes with them," he says, "possibly to your competitors."
And web-based email programs can be just as risky.
Before doctors were given a secure environment in which to share confidential patient details with each other, many would use open email programs such as Gmail, in clear breach of data privacy regulations, says Mr Huberman.
privacy
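n. privacy, secrecy; seclusion; private matters; the state of being free from public interference
Example sentence:
He saw the publication of this book as an embarrassing invasion of his privacy.
(He felt that the publication of this book intruded on his private life and left him deeply embarrassed.)
Other:
Plural: privacies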
"They realised this but their argument was that they needed to consult with colleagues to save lives. We were able to give them the right tools to share data securely on any device without violating any regulations."
Plugging the leaks
So what should businesses be doing about this issue?
The advice from security experts is pretty consistent and can be boiled down to a few bullet points:
Instigate a mobile device management program capable of identifying the apps installed on users' devices and what their security and privacy policies are like
Make sure all corporate devices are encrypted
Make clear to staff what corporate data can and cannot be shared with third-party apps
Monitor what apps and data are being accessed on company networks
Educate staff to identify risky behaviour and how to spot phishing emails
Give staff the productivity tools they need so they don't feel tempted to download non-approved apps
Of course, none of this is easy, and for many companies the horse has already bolted. But when you're in a tug of war and feel the rope slipping between your hands, you don't immediately let go, do you?